Bastian Bittorf <[email protected]> wrote:
> There are "automated" signatures (e.g. from buildbot) and manual ones,
> from humans. For protecting ourselves from bad admins, there should be
> a "secret thing" which is baked into the firmware and only seeable
> during runtime: this way we can prevent that a lazy admin "signs" a
> sha256 sum without really having flashed the image, and can make sure that
> it really runs.
Please don't use a symmetric key in the firmware. Especially one that
anyone can download and examine. This is what Philips did for the HUE bulb,
and it was a disaster.
> Now the question: a secret can be e.g. # ls -la /etc | md5sum
> This is naive, and a dumb admin can e.g. unsquashfs the image for
> getting the data. Are there better methods? Any ideas?
Yes, use an asymmetric key, and distribute the public part only.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] [email protected] http://www.sandelman.ca/ | ruby on rails [
_______________________________________________
Lede-dev mailing list
[email protected]
http://lists.infradead.org/mailman/listinfo/lede-dev
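The asymmetric scheme the reply recommends, as an added illustration that is not code from this thread nor LEDE's own signing tooling: the signer (buildbot or human) keeps the private key, only the public half is distributed with the image, and the published sha256 sum is signed and verified against that public key. For contrast it also models the "secret baked into the firmware" idea from the quoted mail as an HMAC whose key anyone who can unsquashfs the image can lift and reuse. The image bytes, the baked-in HMAC key and the Ed25519 keypair are all constructed inside the block; Ed25519 is used here simply because Go ships it in the standard library.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Constructed stand-in for the firmware image whose sha256 sum gets signed.
var image = []byte("constructed firmware image bytes (not a real sysupgrade file)")

// Digest is the sha256 sum an admin or buildbot would publish alongside the image.
func Digest(b []byte) []byte {
	h := sha256.Sum256(b)
	return h[:]
}

// --- symmetric: a secret that lives inside the image ------------------------

// SymmetricTag is what a "secret baked into the firmware" scheme amounts to:
// an HMAC over the digest keyed with material that ships inside the image.
func SymmetricTag(key, digest []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(digest)
	return m.Sum(nil)
}

// SymmetricForgeable models an admin who unsquashfs'd the image, pulled the
// baked-in key out of it and produced a tag without ever flashing or running
// the firmware. It returns true when that tag is indistinguishable from a
// genuine one, i.e. when the scheme proves nothing.
func SymmetricForgeable(keyFromImage, digest, genuineTag []byte) bool {
	forged := SymmetricTag(keyFromImage, digest)
	return hmac.Equal(forged, genuineTag)
}

// --- asymmetric: the private key never leaves the signer --------------------

type Signer struct {
	Pub  ed25519.PublicKey  // distributed with / baked into the image
	Priv ed25519.PrivateKey // held only by the buildbot or the human signer
}

func NewSigner() (*Signer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Signer{Pub: pub, Priv: priv}, nil
}

// SignDigest signs the published sha256 sum with the private key.
func (s *Signer) SignDigest(digest []byte) []byte {
	return ed25519.Sign(s.Priv, digest)
}

// VerifyDigest checks a signature with nothing but the public key. The length
// check matters: ed25519.Verify panics on a malformed key instead of failing.
func VerifyDigest(pub ed25519.PublicKey, digest, sig []byte) bool {
	return len(pub) == ed25519.PublicKeySize && ed25519.Verify(pub, digest, sig)
}

// ForgeWithPublicKeyOnly models the same lazy admin who now holds only the
// public key from the image. The best available move is to sign with some
// other private key; the verifier holding the genuine public key rejects it.
func ForgeWithPublicKeyOnly(genuinePub ed25519.PublicKey, digest []byte) bool {
	_, otherPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false
	}
	forgedSig := ed25519.Sign(otherPriv, digest)
	return VerifyDigest(genuinePub, digest, forgedSig)
}

func main() {
	d := Digest(image)
	bakedKey := []byte("constructed key anyone can read out of the squashfs")
	tag := SymmetricTag(bakedKey, d)
	fmt.Printf("sha256 of image: %s\n", hex.EncodeToString(d))
	fmt.Printf("symmetric tag forgeable from image contents: %v\n",
		SymmetricForgeable(bakedKey, d, tag))

	s, err := NewSigner()
	if err != nil {
		panic(err)
	}
	sig := s.SignDigest(d)
	fmt.Printf("genuine signature verifies with public key: %v\n", VerifyDigest(s.Pub, d, sig))
	fmt.Printf("forgery using only the public key verifies: %v\n", ForgeWithPublicKeyOnly(s.Pub, d))
}
```

Note that the signature still only says "whoever holds the private key vouched for this sha256 sum"; it does not by itself prove that the image was flashed and is running, which is the separate runtime-attestation question Bastian raised.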
